-
Notifications
You must be signed in to change notification settings - Fork 48
CORS configuration
Tom Kuijsten edited this page Sep 30, 2016
·
2 revisions
Since RC1 we support CORS through the HttpServerConfiguration object. Some sample configuration:
var configuration = new HttpServerConfiguration()
.RegisterRoute("api", someHandler)
.EnableCors();This will enable CORS and allow all origins, technically this means the Access-Control-Allow-Origin header will be set to "*". If you want to limit the origins, you can use this configuration:
var configuration = new HttpServerConfiguration()
.RegisterRoute("api", someHandler)
.EnableCors(x => x
.AddAllowedOrigin("http://specificserver:8800")
.AddAllowedOrigin("http://specificserver2"));In the preflight request the cors headers have the following default values:
Access-Control-Allow-Methods = GET, POST, PUT, DELETE, OPTIONS
Access-Control-Max-Age = 10 min
Access-Control-Allow-Headers = mirrors the Access-Control-Request-Headers field of the request.